nix-config/nixos/hosts/capibara/default.nix


{ config, pkgs, stablePkgs, ... }:
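let
  # Home directory of the desktop user; used below to build plugin search paths.
  home = "/home/rilla";

  # Wrapper command for the manual "offline" backup run: start the three
  # backup-disk mount units, then run btrbk as the unprivileged btrbk user
  # with /etc/btrbk/offline-backups.conf. Extra arguments ("run",
  # "--dry-run", ...) are passed straight through to btrbk.
  #
  # The loop is deliberately NOT chained to btrbk with `&&`: a command on
  # the left-hand side of an AND-OR list runs with `set -e` suppressed, so a
  # failed mount in the first or second iteration used to be ignored and
  # only the last iteration's status decided whether btrbk started. As
  # separate statements, errexit aborts the script on the first mount that
  # does not come up, before any backup is attempted.
  offline-backups = pkgs.writeScriptBin "offline-backups" ''
    #!${pkgs.dash}/bin/dash
    set -xe
    for x in 0 1 2; do
      ${pkgs.systemd}/bin/systemctl start "mnt-backups-''${x}.mount"
    done
    /run/wrappers/bin/doas -u btrbk \
      ${pkgs.btrbk}/bin/btrbk \
      --config /etc/btrbk/offline-backups.conf \
      --progress \
      --verbose \
      "$@"
  '';
in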
{
# System-level modules: the generated hardware description for this machine
# plus the shared common and desktop modules of this repository.
imports = [
  ./hardware-configuration/capibara.nix
  ../../modules/common
  ../../modules/common/desktop.nix
];

# Host-specific home-manager module for user rilla.
home-manager.users.rilla.imports = [ ../../../home/hosts/capibara.nix ];
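# Mount layout. "/" is a 2G tmpfs, so only what lives on the btrfs
# subvolumes below survives a reboot. /dev/mapper/root and /dev/mapper/data
# are the LUKS mappings opened in the initrd (boot.initrd.luks.devices).
fileSystems =
  let
    zstd = "compress=zstd";

    # Hardening for mounts whose contents originate on other machines:
    # setuid bits and device nodes found there are not honoured on this
    # host. These are per-mount flags and do not stop btrfs send/receive
    # from writing into the tree.
    foreignTree = [ "nosuid" "nodev" ];

    # One of the three offline backup disks. Unlocked on demand through the
    # "noauto" crypttab entries and mounted by the offline-backups command.
    # The btrbk targets on these disks hold received snapshots of whole
    # subvolumes from other hosts, hence foreignTree.
    backupDisk = slot: {
      device = "/dev/mapper/backups${slot}";
      fsType = "btrfs";
      options = [ "noauto" "subvolid=5" zstd ] ++ foreignTree;
    };
  in
  {
    "/" = {
      device = "tmpfs";
      fsType = "tmpfs";
      options = [ "defaults" "size=2G" "mode=755" ];
    };

    # Top-level (subvolid=5) views of both pools; every subvolume and
    # snapshot on the pool is reachable below these paths.
    "/mnt/btr_root" = {
      device = "/dev/mapper/root";
      fsType = "btrfs";
      options = [ "subvolid=5" zstd ];
    };
    "/mnt/btr_data" = {
      device = "/dev/mapper/data";
      fsType = "btrfs";
      options = [ "subvolid=5" zstd ];
    };

    # Subvolumes that must be mounted before stage 2 starts.
    "/mnt/persist" = {
      device = "/dev/mapper/data";
      fsType = "btrfs";
      options = [ "subvol=persist" zstd ];
      neededForBoot = true;
    };
    "/mnt/logs" = {
      device = "/dev/mapper/root";
      fsType = "btrfs";
      options = [ "subvol=logs" zstd ];
      neededForBoot = true;
    };
    "/mnt/data" = {
      device = "/dev/mapper/data";
      fsType = "btrfs";
      options = [ "subvol=data" zstd ];
      neededForBoot = true;
    };
    "/mnt/vfs_share" = {
      device = "/dev/mapper/data";
      fsType = "btrfs";
      options = [ "subvol=vfs_share" zstd ];
      neededForBoot = true;
    };

    # Secrets are only mounted on demand. The NFS export is served by
    # another host, so it gets the foreignTree flags as well.
    # NOTE(review): no sec= option is set, so the NFS security flavour is
    # whatever client and server negotiate by default; confirm that is
    # acceptable for a share named "secrets".
    "/mnt/secrets" = {
      device = "narwhal:/secrets";
      fsType = "nfs";
      options = [ "noauto" ] ++ foreignTree;
    };
    # Backed by the gnupg_secrets mapping, which crypttab opens from
    # /mnt/secrets/gnupg.img, so the NFS share has to be mounted first.
    "/mnt/secrets/gnupg" = {
      device = "/dev/mapper/gnupg_secrets";
      fsType = "btrfs";
      options = [ "noauto" ];
    };

    "/nix" = {
      device = "/dev/mapper/root";
      fsType = "btrfs";
      options = [ "subvol=nix" zstd ];
    };
    # /boot is a plain ext4 partition outside the LUKS containers.
    "/boot" = {
      device = "/dev/disk/by-uuid/c99d1f1b-45a4-4a25-b5b8-bc76464c6825";
      fsType = "ext4";
    };
    # Holds /swap/swapfile (see swapDevices); mounted without compression.
    "/swap" = {
      device = "/dev/mapper/root";
      fsType = "btrfs";
      options = [ "subvol=swap" ];
    };

    "/mnt/backups/0" = backupDisk "0";
    "/mnt/backups/1" = backupDisk "1";
    "/mnt/backups/2" = backupDisk "2";
  };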
# Swap file on the "swap" subvolume of /dev/mapper/root, i.e. inside the
# LUKS container opened in the initrd.
swapDevices = [
  { device = "/swap/swapfile"; }
];

# crypttab for volumes that are NOT unlocked at boot (all entries are
# "noauto"). Columns: mapping name, backing device, key source, options.
#  - backups0..2 share one key file, /etc/luks-keys/backups.bin.
#  - gnupg_secrets is an image file on the /mnt/secrets NFS mount; "none"
#    means the passphrase is asked for when the mapping is opened.
# NOTE(review): the key file is not created anywhere in this file and "/" is
# a tmpfs here; confirm where it is provisioned and that it is readable by
# root only.
environment.etc.crypttab.text = ''
  backups0 UUID="e45232d5-f46f-46f3-a150-be26374b3357" /etc/luks-keys/backups.bin noauto
  backups1 UUID="5b3da928-4862-4451-89cd-5bd6a95466d0" /etc/luks-keys/backups.bin noauto
  backups2 UUID="cbfa9cba-dee2-4d0b-8cde-2f1d1849b22c" /etc/luks-keys/backups.bin noauto
  gnupg_secrets /mnt/secrets/gnupg.img none noauto
'';
# Audio plugin search paths. Each variable lists, in order: the user's Nix
# profile, a manual drop-in directory under ~/Audio/plugins, and the system
# profile.
environment.variables =
  let
    searchPath = kind:
      builtins.concatStringsSep ":" [
        "${home}/.nix-profile/lib/${kind}"
        "${home}/Audio/plugins/${kind}"
        "/run/current-system/sw/lib/${kind}"
      ];
  in
  {
    LV2_PATH = searchPath "lv2";
    LXVST_PATH = searchPath "lxvst";
    LADSPA_PATH = searchPath "ladspa";
  };
# Steam is enabled, and unfree packages are allowed for the whole system.
programs.steam.enable = true;
nixpkgs.config.allowUnfree = true;

# Fixed MAC address used by NetworkManager for Wi-Fi.
# NOTE(review): a hard-coded address is a stable identifier on every network
# joined and is readable by anyone with access to this repository; the
# option also accepts "random" or "stable" if that matters here.
networking.networkmanager.wifi.macAddress = "CC:AF:78:75:29:32";
# GRUB is installed to the disk itself with both EFI options switched off.
boot.loader.grub = {
  enable = true;
  device = "/dev/disk/by-id/ata-KINGSTON_SKC600MS512G_50026B7783FC3D2F";
  efiSupport = false;
  efiInstallAsRemovable = false;
};

# LUKS containers opened in the initrd; they become /dev/mapper/root and
# /dev/mapper/data, which back most of the fileSystems entries.
boot.initrd.luks = {
  # A passphrase typed for one device is tried on the other one as well.
  reusePassphrases = true;

  # allowDiscards passes TRIM requests through dm-crypt to the disk.
  # NOTE(review): this reveals which blocks are unused to anyone who can
  # read the raw device; confirm that trade-off is intended.
  devices.root = {
    device = "/dev/disk/by-uuid/869b4b9e-5004-4625-877f-6b1c9489ac8f";
    allowDiscards = true;
  };
  devices.data = {
    device = "/dev/disk/by-uuid/6a9246a0-984b-471c-9950-be16db3060f5";
    allowDiscards = true;
  };
};
# Userspace out-of-memory handling.
services.earlyoom.enable = true;

# Power management: TLP is the active power daemon and
# power-profiles-daemon is explicitly switched off (presumably because the
# two would conflict; confirm).
powerManagement.enable = true;
services.tlp.enable = true;
services.power-profiles-daemon.enable = false;
services.upower.enable = true;
# services.thermald.enable = true;

# Diagnostic tools plus the offline-backups wrapper command defined in the
# let-block at the top of this file.
environment.systemPackages = [
  pkgs.powertop
  pkgs.acpi
  offline-backups
];
#services.beesd.filesystems = {
# root = {
# spec = "/dev/mapper/root";
# hashTableSizeMB = 256;
# verbosity = "info";
# extraOptions = [ "--loadavg-target" "2.0" ];
# };
#};
# todo: target and/or archive
# Two btrbk instances:
#  - "btrbk": timer-driven local snapshots of the data pool.
#  - "offline-backups": no timer (onCalendar = null); pulls snapshots from
#    three remote hosts over SSH, plus the local data pool, onto the three
#    offline backup disks.
services.btrbk.instances =
  let
    # { "<name>" = { }; ... } for a list of subvolume names.
    subvolumes = names:
      builtins.listToAttrs (map (name: { inherit name; value = { }; }) names);

    # The same per-host directory on each of the three backup disks.
    targetsFor = host:
      builtins.listToAttrs (map
        (slot: {
          name = "/mnt/backups/${slot}/btr_backup/${host}";
          value = { };
        })
        [ "0" "1" "2" ]);
  in
  {
    btrbk = {
      onCalendar = "*:0/30"; # every 30 minutes
      settings = {
        snapshot_create = "onchange";
        snapshot_preserve = "2d";
        snapshot_preserve_min = "latest";
        volume."/mnt/btr_data" = {
          snapshot_dir = "btrbk_snapshots";
          subvolume = subvolumes [ "data" "persist" ];
        };
      };
    };

    # doas -u btrbk btrbk -c /etc/btrbk/offline-backups.conf --dry-run --progress --verbose run
    offline-backups = {
      onCalendar = null;
      settings = {
        # Remote access: SSH as user "btrbk" with a dedicated key, and the
        # doas-based backend for the btrfs commands on the remote side.
        # NOTE(review): /etc/btrbk/id_ed25519 is not created in this file
        # and "/" is a tmpfs on this host; confirm where the key is
        # provisioned and that only the btrbk user can read it. It grants
        # snapshot access to every subvolume listed below, including
        # narwhal's "secrets".
        ssh_user = "btrbk";
        ssh_identity = "/etc/btrbk/id_ed25519";
        backend_remote = "btrfs-progs-doas";

        snapshot_create = "onchange";
        snapshot_preserve_min = "latest";
        target_preserve_min = "all";

        volume = {
          "ssh://narwhal:22/mnt/btr_pool" = {
            stream_buffer = "50%";
            stream_compress = "zstd";
            snapshot_dir = "btrbk_snapshots_offline";
            subvolume = subvolumes [
              "backups"
              "books"
              "certs"
              "data"
              "docker_volumes"
              "home"
              "http"
              "music"
              "secrets"
              "transmission"
              "videos"
            ];
            target = targetsFor "narwhal";
          };

          "ssh://suricata:22/mnt/btr_pool" = {
            stream_buffer = "50%";
            snapshot_dir = "btrbk_snapshots_offline";
            compat_remote = "busybox";
            subvolume = subvolumes [ "home" "rancher_config" "backups" "configs" ];
            target = targetsFor "suricata";
          };

          "ssh://caladan/mnt/btr_pool" = {
            stream_buffer = "50%";
            snapshot_dir = "btrbk_snapshots_offline";
            compat_remote = "busybox";
            subvolume = subvolumes [ "certs" "volumes" ];
            target = targetsFor "caladan";
          };

          # This host's own data pool, copied to the same disks.
          "/mnt/btr_data" = {
            snapshot_dir = "btrbk_snapshots_offline";
            subvolume = subvolumes [ "data" "persist" ];
            target = targetsFor "capibara";
          };
        };
      };
    };
  };
# Desktop portals: the wlroots portal plus the GTK portal as an extra backend.
xdg.portal.enable = true;
xdg.portal.wlr.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
# Host name, and DHCP on both the wired (eno0) and wireless (wlp2s0)
# interfaces.
networking.hostName = "capibara";
networking.interfaces.eno0.useDHCP = true;
networking.interfaces.wlp2s0.useDHCP = true;

# NixOS release whose stateful defaults this configuration follows.
system.stateVersion = "23.05";
}